OpenVPN
# Editor and archiver used by later steps, then OpenVPN and easy-rsa; the
# EPEL repository has to be installed before it can be enabled for yum.
yum install vim zip
yum install epel-release
yum --enablerepo=epel install openvpn easy-rsa
# Start from the packaged sample server configuration.
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn/
# Keep a pristine copy of the easy-rsa vars file before it is edited.
cp -p /usr/share/easy-rsa/2.0/vars /usr/share/easy-rsa/2.0/vars.default
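# Edit the easy-rsa defaults that every certificate issued below will inherit.
vim /usr/share/easy-rsa/2.0/vars
# Values to set inside vars (these are placeholders, substitute your own):
export KEY_COUNTRY="JP"
export KEY_PROVINCE="Tokyo"
export KEY_CITY="Hoge-ku"
export KEY_ORG="Piyo Company"
export KEY_EMAIL="piyo@hoge.com"
export KEY_OU="HogePiyo"
# easy-rsa 2.0 sizes the RSA keys and the DH parameters from KEY_SIZE; pin it
# to 2048 so build-dh produces the dh2048.pem that is linked later and no
# 1024-bit material is issued.
export KEY_SIZE=2048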
証明書作成ツールで証明書作成
# Build the CA, then the server certificate and key, with the vars just set.
cd /usr/share/easy-rsa/2.0/
. ./vars
# clean-all wipes the keys/ directory: only run it on a fresh PKI.
./clean-all
# CA details are entered interactively.
./build-ca
# Certificate details and the pass phrase are entered interactively.
./build-key-server server
サーバ証明書、秘密鍵、その他必要なファイルの生成
# Expose the server certificate, its private key and the CA certificate to
# OpenVPN without copying them out of the easy-rsa keys directory.
ln -s /usr/share/easy-rsa/2.0/keys/server.crt \
  /usr/share/easy-rsa/2.0/keys/server.key \
  /usr/share/easy-rsa/2.0/keys/ca.crt \
  /etc/openvpn/
# NOTE(review): server.key is the long-term secret; confirm it stays
# owner-only (keys/ is made mode 700 by clean-all, the file itself should be 600).
# tls-auth HMAC key: shared secret that is later copied to every client.
openvpn --genkey --secret /etc/openvpn/ta.key
# Diffie-Hellman parameters; the output name follows KEY_SIZE in vars, so
# check keys/ for the file actually produced before linking it.
sh ./build-dh
ln -s /usr/share/easy-rsa/2.0/keys/dh2048.pem /etc/openvpn/
ダミーの証明書を作成・削除して証明書廃止リストを作成
# A CRL only exists once something has been revoked, so revoke a throwaway
# certificate to create keys/crl.pem and link it into place.
./build-key dummy
# revoke-full's final verify step is expected to report the certificate as revoked.
./revoke-full dummy
ln -s /usr/share/easy-rsa/2.0/keys/crl.pem /etc/openvpn/
# The server enforces the CRL only with `crl-verify crl.pem` in server.conf;
# rerun revoke-full for each client certificate that is revoked to refresh it.
サービス登録、起動
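# Start OpenVPN at boot in runlevels 3, 4 and 5.
sudo chkconfig --level 345 openvpn on
# Enable IPv4 forwarding through sysctl rather than by uncommenting
# `echo 1 > /proc/sys/net/ipv4/ip_forward` in /etc/init.d/openvpn: the init
# script belongs to the package and a later update may replace the edited copy.
if grep -q '^net\.ipv4\.ip_forward' /etc/sysctl.conf; then
  sed -i 's/^net\.ipv4\.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
else
  printf 'net.ipv4.ip_forward = 1\n' >> /etc/sysctl.conf
fi
# Apply now as well as on the next boot.
sysctl -w net.ipv4.ip_forward=1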
# Start the service now; it reads /etc/openvpn/server.conf and the linked key material.
service openvpn start
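# Let clients reach the server port (udp/1194, the sample server.conf default;
# adjust if port or proto is changed there).
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
# Forward traffic between the tunnel and the uplink; a stock RHEL/CentOS
# ruleset typically ends FORWARD with a REJECT, so MASQUERADE alone is not
# enough for client traffic to pass.
iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# NAT the VPN subnet (10.8.0.0/24, per the sample server.conf) out of eth0.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# Persist the rules and show the NAT table for a visual check.
service iptables save
iptables -t nat -nvL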
クライアント証明書の作成
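# Issue a client certificate and stage the files the client needs.
cd /usr/share/easy-rsa/2.0/
source ./vars
# build-key issues a key without a passphrase; build-key-pass prompts for one
# if the client key should be protected at rest.
./build-key user1
cd keys
# Owner-only staging directory: user1.key and ta.key are secrets and /tmp is
# shared with every local account on the host.
mkdir -m 700 /tmp/vpn_user1
cp -p user1.crt /tmp/vpn_user1/
cp -p user1.key /tmp/vpn_user1/
cp -p /etc/openvpn/ta.key /tmp/vpn_user1/
cp -p /etc/openvpn/ca.crt /tmp/vpn_user1/
cd /tmp/vpn_user1
# Write the client profile (contents follow).
vim ./vpn_user1.conf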
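# OpenVPN client profile for user1. Replace the {サーバーホスト} placeholder
# with the server's host name or address; file paths are relative to the
# directory this profile is started from.
client
remote {サーバーホスト}
proto udp
dev tun
port 1194
tls-client
ca ca.crt
cert user1.crt
key user1.key
# The sample server.conf enables `tls-auth ta.key 0`, so the client must use
# the same key with direction 1; without this the handshake fails and the
# ta.key shipped alongside this profile is never used.
tls-auth ta.key 1
# Only accept a peer whose certificate carries the server extensions that
# build-key-server sets; prevents another client certificate issued by the
# same CA from posing as the server.
remote-cert-tls server
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
redirect-gateway def1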
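# Bundle the profile; the archive holds the client's private key and the
# shared ta.key, so keep it owner-only and remove the staging copy in /tmp.
zip -r ~/vpn_user1.zip .
chmod 600 ~/vpn_user1.zip
cd ~ && rm -rf -- /tmp/vpn_user1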